PT-2026-3589 · Ibm · Ibm Sterling Connect:Express Adapter For Sterling B2B Integrator

Published

2026-01-20

Updated

2026-01-20

CVE-2025-36066

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12

Description The software contains a cross-site scripting issue. An unauthenticated attacker can embed arbitrary JavaScript code into the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The vulnerable component allows for the injection of malicious scripts.

Recommendations Apply updates to versions beyond 5.2.0.12.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-36066

Affected Products

Ibm Sterling Connect:Express Adapter For Sterling B2B Integrator

CVE-2025-36066

Weakness Enumeration

Related Identifiers

Affected Products

References · 5